<p>There is no fixed version for <code>darcyclarke-manifest-pkg</code>.</p>

Improper Interaction Between Multiple Correctly-Behaving Entities Affecting darcyclarke-manifest-pkg package, versions *

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JS-DARCYCLARKEMANIFESTPKG-5742970
published 29 Jun 2023
disclosed 28 Jun 2023
credit Darcy Clarke

Report a new vulnerability Found a mistake?

Introduced: 28 Jun 2023

CWE-435 Open this link in a new tab First added by Snyk

How to fix?

There is no fixed version for darcyclarke-manifest-pkg.

Overview

darcyclarke-manifest-pkg is a research package to demonstrate the technique of manifest confusion

Affected versions of this package are vulnerable to Improper Interaction Between Multiple Correctly-Behaving Entities. This is not a vulnerability on its own.

This package is a proof of concept of Manifest Confusion, in which the contents of a publicly distributed open source package does not match the contents stated in its manifest file. More information on the discovery can be found on the Snyk Support Portal.

References

Manifest Confusion Blog Post

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

High
Privileges Required (PR)

None
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

None
Integrity (I)

Low
Availability (A)

None

Improper Interaction Between Multiple Correctly-Behaving Entities Affecting darcyclarke-manifest-pkg package, versions *

Severity

CVSS assessment made by Snyk's Security Team

Introduced: 28 Jun 2023

How to fix?

Overview

References

CVSS Scores

Snyk